bc-java
bc-java copied to clipboard
bcgit
Bouncy Castle Java Distribution (Mirror)
Recently we switched our Jenkins CI/CD environment to Java 21. Most of our Jenkins hosts use some build of OpenJDK (especially the Red Hat build), however some hosts are different...
The ML-KEM encapsulation function contains two checks on the public key length and modulus. https://github.com/bcgit/bc-java/blob/5ce0d4d4536bcb622c1077a6b9157b02ad8adcc5/core/src/main/java/org/bouncycastle/pqc/crypto/mlkem/MLKEMEngine.java#L289-L300 It does not follow the NIST recommendations [FIPS 203 MODULE-LATTICE-BASED KEY-ENCAPSULATION MECHANISM](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.pdf#subsection.7.2) > ML-KEM.Encaps shall...
Please consider to add the support of "Use of the HSS and XMSS Hash-Based Signature Algorithms in Internet X.509 Public Key Infrastructure" (https://datatracker.ietf.org/doc/draft-ietf-lamps-x509-shbs/). Beside defining three new OBJECT IDENTIFIERs for...
Hello, We want to implement a validation of legacy signatures augmented with a id-aa-ets-archiveTimestampV2 unsigned property, conforming to [ETSI TS 101 733](https://www.etsi.org/deliver/etsi_ts/101700_101799/101733/02.02.01_60/ts_101733v020201p.pdf). According to the definition, the message-imprint is created...
import org.bouncycastle.crypto.SymmetricKey; import org.bouncycastle.crypto.SymmetricSecretKey; import org.bouncycastle.crypto.fips.FipsAES; import org.bouncycastle.crypto.fips.FipsMACOperatorFactory; import org.bouncycastle.crypto.fips.FipsOutputMACCalculator; FipsMACOperatorFactory fipsSymmetricFactory = new FipsAES.MACOperatorFactory(); FipsOutputMACCalculator macCalculator = fipsSymmetricFactory.createOutputMACCalculator( aesKey, FipsAES.CMAC.withMACSize(128));
The **bcpg-fips** source code for _org/bouncycastle/bcpg/ArmoredOutputStream.java_ contains at-least for release **2.0.9** and **2.0.10** still the version placeholder instead of the real version: `public static final String DEFAULT_VERSION = "BCPG v@RELEASE_NAME@";`...
On GCP T2A machine (https://cloud.google.com/blog/products/compute/tau-t2a-is-first-compute-engine-vm-on-an-arm-chip, but NOT C4A https://cloud.google.com/blog/products/compute/introducing-googles-new-arm-based-cpu which works fine), as well as OCI A1 machine (https://www.oracle.com/cloud/compute/arm/, did NOT try A2 machine), Jira 10.2.0+ (introduced https://confluence.atlassian.com/jirasoftware/jira-software-10-2-x-upgrade-notes-1455425770.html, running using...
Hello, As explained in #1965, a similar functionality is required within the [CMSSignedDataStreamGenerator](https://github.com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/cms/CMSSignedDataStreamGenerator.java), allowing to provide custom digest algorithm identifiers to the CMS generation class. This can be achieved by...
Hello, Similarly to #955 for _CMSSignedData_ class, a method _#addDigestAlgorithm(s)_ should be added within _CMSSignedDataParser_, allowing to generate a new CMS, with a custom set of digest algorithms. The current...
This PR adds post-quantum hybrid ecdhe-mlkem key agreement for TLSv1.3 (https://datatracker.ietf.org/doc/html/draft-kwiatkowski-tls-ecdhe-mlkem-03) [namedgroups] - X25519MLKEM768 - SecP256r1MLKEM768 - SecP384r1MLKEM1024 I'd be happy to address any feedback or questions you may have....
